Checked C adds static and dynamic checking to C to detect or prevent common programming errors such as buffer overruns and out-of-bounds memory accesses. The goal of the project is to improve systems programming by making fundamental improvements to C. This repo contains sample code, the extension specification, and test code.
- For a quick overview of Checked C, more information, and pointers to example code, see our Wiki.
- The PDF of the specification is available here.
- Compilers are available here.
We are hiring.
We have positions available for a Principal Software Engineer and Senior Software Engineer. We are looking for engineers who have production compiler development experience and who value shipping software.
We presented another paper
on Checked C at the 2019 Principles of Security and Trust Conference:
"Achieving Safety Incrementally With Checked C".
This paper describes a tool for converting existing C code to use Ptr types. It also proves a blame
property about checked regions that shows that checked regions are blameless for any memory corruption.
This proof is formalized for a core subset of the language extension.
|Debug X86 Windows||Checked C and clang regression tests|
|Debug X64 Windows||Checked C and clang regression tests|
|Debug X64 Linux||Checked C and clang regression tests|
|Release X64 Linux||Checked C, clang, and LLVM nightly tests|
We're happy to have the help! You can contribute by trying out Checked C, reporting bugs, and giving us feedback. There are other ways to contribute too. You can join the mailing lists for announcements about the project.
The software in this repository is covered by the MIT license. See the file LICENSE.TXT for the license. The Checked C specification is made available by Microsoft under the OpenWeb Foundation Final Specification Agreement, version 1.0. Contributions of code to the Checked LLVM/clang repos are subject to the CLANG/LLVM licensing terms.